Digital Arrests and the Reconfiguration of Intermediary Liability: Assessing the “Duty of Care” in India’s 2026 Cyber-Regulatory Framework

India’s digital ecosystem has entered a decisive phase where the scale of connectivity has overtaken the capacity of traditional regulatory and enforcement mechanisms. With internet access now reaching more than 86% of households, the risks associated with digital expansion have become more visible and more damaging. By early 2026, one of the most alarming developments has been the rise of “digital arrest” scams highly sophisticated cyber frauds in which criminals impersonate law enforcement officials and place victims under what appears to be virtual custody. The financial consequences are staggering. In January 2026 alone, nearly ₹3,000 crore was siphoned off through such scams, reflecting an exponential rise compared to earlier years. This surge has compelled the Ministry of Home Affairs (MHA) and the Ministry of Electronics and Information Technology (MeitY) to rethink the regulatory framework governing intermediaries. What has emerged is a shift from passive liability protections toward an active “duty of care,” especially for encrypted platforms like WhatsApp. This transformation raises important questions about legality, technical feasibility, and constitutional balance, particularly in relation to privacy and free expression.